Hello Manjunath- Looks like you are creating multiple JMX connectors (one is JVM default, the other is ActiveMQ creating one per your non-default configuration). ActiveMQ does not need a dedicated connector, so you can modify the <managementContext createConnector=“false” /> and just use the -D parameters.
ref: https://activemq.apache.org/jmx <https://activemq.apache.org/jmx> Thanks, Matt Pavlovich > On Nov 7, 2022, at 12:21 PM, Manjunath Kashyap <mail2manjukash...@gmail.com> > wrote: > > Hi All, > > ISSUE: > > We have Installed AMQ in a MASTER/SLAVE pair for both Consumers and Producers. > We also have installed the Web console to list all the queues using the MBEAN > connector. > AS part of this implementation, we have provided the JMX plain username and > password in the Catalina.sh script. > > We have been told this is a Security threat and are requested to remove the > Plain password from the process.The config and output is as shown below. > > activemq.xml: > > <managementContext> > <managementContext createConnector="true" > connectorPort="5014"> > <property > xmlns="http://www.springframework.org/schema/beans"; name="environment"> > <map xmlns="http://www.springframework.org/schema/beans";> > <entry xmlns="http://www.springframework.org/schema/beans"; > key="jmx.remote.x.password.file" > value="${activemq.base}/conf/jmx.password"/> > <entry xmlns="http://www.springframework.org/schema/beans"; > key="jmx.remote.x.access.file" > value="${activemq.base}/conf/jmx.access"/> > </map> > </property> > </managementContext> > > > Catalina.sh : > > JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties > -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) > -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi > -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=*******” > > > The process displays the password in plain text. So to overcome this issue we > tried the below configuration in Catalina.sh but no luck, > > JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties > -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) > -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi > -Dcom.sun.management.jmxremote.ssl=false > -Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password > > -Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access > -Dcom.sun.management.jmxremote.rmi.port=5014 > -Dcom.sun.management.jmxremote.authenticate=true” > > > Question: Is there a way to hide the password in the tomcat configuration to > authenticate to the brokers? > > > Thanks, > Kashyap.
